[Owasp-board] Code of conduct for OWASP events

Tobias tobias.gondrom at owasp.org
Sun Mar 1 09:47:49 UTC 2015


To strengthen the role and numbers of women in AppSec, should we 
revive/continue and improve the marketing for our Women in AppSec program?

In the past we had this program and I believe it was a great idea. 
Unfortunately our promotion of the program did not reach so many people 
IMHO....

Would there be any volunteers to lead this effort?

Best regards, Tobias




On 28/02/15 05:16, Noreen Whysel wrote:
> I was at that panel at the joint cybersecurity conference in Brooklyn. 
> In theory, it was a good idea. Highlight five women who were Chief 
> Security Officers at their respective firms. In practice, it was not 
> so great. It was held during lunch in a noisy gymnasium. The previous 
> sessions had gone over time and food had not been set up so the panel 
> had to start during a lot of clanging and ongoing conversation while 
> people were on line. To top it off the person who introduced them said 
> something to the effect of "We are going to see why women would want 
> to go into cybersecurity... it isn't a very glamorous career."
>
> The panel itself was very good. Quite impressive women with stellar 
> backgrounds and a lot to say about strides they have made and the 
> development of the industry itself. One of the women addressed the 
> "glamour" question by stating that she felt it was indeed a glamorous 
> field to be in, but I really took it as a calling out of the poor 
> setup. By the end I feel that it had quieted enough to get something 
> meaningful out of it, at least for me, but there were still many 
> people who chatted with their lunch mates throughout the presentation. 
> I blame the setting more than the introducer, btw.
>
> That said, quotas are really hard. In the end it all comes down to who 
> submits. Best to strive toward encouraging as many talented women (and 
> people of color) as possible to present. Speaker mentoring can be 
> extremely helpful also. A lot of us, male and female, struggle with 
> Imposter Syndrome so any support is always appreciated.
>
> Noreen Whysel
> Community Manager
> OWASP Foundation
>
> On Feb 27, 2015, at 10:16 AM, Helen Gao <helen.gao at owasp.org 
> <mailto:helen.gao at owasp.org>> wrote:
>
>> Hi Andrew, Michael and the board.
>>
>> I don't know what made me speak out twice in one day even though I 
>> am not a board member. But I admire Andrew's effort of bringing this 
>> matter to the boardroom. The question of the desired percentage 
>> reminds me of the 30% Club <http://30percentclub.org/>. It was launched 
>> in the UK in 2010 with a goal of 30% women on corporate boards by end 
>> 2015. We shouldn't set a hard percentage risking the quality of 
>> speakers, but the success of 30% Club did show the effectiveness of 
>> goal setting.
>>
>> BTW, 3 OWASP chapters in the New York metropolitan area are 
>> co-organizers of New York Metro Joint Cyber Security Conference 2015. 
>> There was a well received panel discussion of female CISOs in last 
>> year's conference. I expect to see more female participation this year.
>>
>> Regards,
>>
>> Helen
>>
>> On Fri, Feb 27, 2015 at 1:12 AM, Michael Coates 
>> <michael.coates at owasp.org <mailto:michael.coates at owasp.org>> wrote:
>>
>>     Andrew,
>>
>>     (To address the policies comments)
>>     Here are the conference speaker policies. These policies address
>>     most of your comments already. We just need to make sure the
>>     policies are visible on the conference website and not just on
>>     the owasp wiki and also in our terms and contracts.
>>
>>     https://www.owasp.org/index.php/Governance/Conference_Policies
>>
>>      I'll fix AppSecUSA in just a moment.
>>
>>     (Regarding diversity of speakers)
>>     Agree that more diversity in submission is better than less.
>>
>>     * Require conference committees to send out invitations to as
>>     many women speakers as possible there is diversity in submissions.
>>
>>     > I'm not sure what this means in practice. We're broadcasting out
>>     CFP far and wide. Perhaps the community can create a google
>>     spreadsheet with lists of ideas to advertise AppSec conferences.
>>     We can then make it standard practice for conferences to
>>     advertise CFP to everything on the list.
>>
>>     * We should also help with helping folks create solid CFPs that
>>     are more likely to succeed if submissions are to be chosen solely
>>     by merit.
>>
>>     > Certainly not against it. If a group wants to provide tips and
>>     techniques to make better CFPs then that's great. I don't think
>>     this should be a requirement or expectation of the conference
>>     organizers. They already have plenty of items on their plate.
>>
>>     * what is the desired percentage of talks that should be given by
>>     women, how we will achieve that goal, and when shall we achieve
>>     that goal?
>>
>>     > Discussion is good. We should always select the best talks for a
>>     conference. We should also always encourage a wide range of
>>     people to submit talks and help them submit good talks. In
>>     addition OWASP has such a range of speaking opportunities from
>>     global conferences to regional and local events there are
>>     numerous ways for people to build their speaking skills. This
>>     however is separate from target percentages which I don't believe
>>     would have the net effect you're hoping for.
>>
>>
>>
>>     --
>>     Michael Coates | @_mwc
>>     <https://twitter.com/intent/user?screen_name=_mwc>
>>     OWASP Global Board
>>     Join me at AppSecUSA <http://AppSecUSA.org> 2015 in San Francisco!
>>
>>
>>
>>
>>     On Thu, Feb 26, 2015 at 7:13 PM, Andrew van der Stock
>>     <vanderaj at owasp.org <mailto:vanderaj at owasp.org>> wrote:
>>
>>         Hi folks,
>>
>>         It's way, way, way past time for discussions to start as we
>>         are running several global branded events in 2015 and NONE of
>>         them have a code of conduct or anti-harassment policy and
>>         already two of our three or four events have either zero or
>>         only one woman speakers, despite AppSec EU having over 120
>>         CFP submissions.
>>
>>         If you believe things are fine or that is just how our
>>         industry is, that ship sailed back in 1950. Let's get to a
>>         consensus and work towards fixing this problem.
>>
>>         We have almost certainly started to sign up sponsors,
>>         vendors, and CFPs are open, so we have to do something now
>>         before we can't until 2016. Inaction allows the status quo to
>>         thrive, and it's really unacceptable.
>>
>>         LatAm Tour 2015: Speaker agreement: Nothing. No women speakers.
>>         https://www.owasp.org/images/4/4f/AppSec_Latam_2015_Speaker_Agreement.pdf
>>
>>         LatAm Tour 2015: Instructor agreement: Nothing. No women
>>         instructors as far as I can tell
>>         https://www.owasp.org/images/f/fa/LatamTour_2015_Training_Instructor_Agreement.pdf
>>
>>         LatAm Tour 2015: Sponsor opportunities. Nothing
>>         https://www.owasp.org/images/5/5f/Latam_Tour_2015_Sponsorship_Opportunities.pdf
>>
>>         AppSec EU 2015: Nothing in our speaker, sponsor, or vendor
>>         information. Just one woman co-speaker selected from 120
>>         submissions. Really? In 2015?
>>         http://2015.appsec.eu/wp-content/uploads/2014/12/AppSec-Eu_Research-2015_Amsterdam_Sponsor-document.pdf
>>
>>         AppSecUSA 2015 code of conduct: Nothing.
>>
>>         AppSecUSA 2015 vendor form: Nothing.
>>         https://docs.google.com/forms/d/1Mh7PoELRg1fyc9NHQVrzHrmEh3yEh3qPljKa93oISjc/viewform
>>
>>         AppSecUSA 2015 speaker agreement form: Nothing
>>         https://2015.appsecusa.org/c/wp-content/uploads/2015/02/AppSec-USA-2015_Speaker-Agreement.pdf
>>
>>         Maybe now you can see the problem. It shouldn't be up to the
>>         organizers of each year to determine and include these
>>         policies, they should be overlays for all our events, like
>>         our Code of Ethics is.
>>
>>         Despite all this doom and gloom, our anti-harassment policy
>>         for OWASP AppSec USA 2014 is okay. It's not surprising that
>>         there were women speakers at this event, but only just
>>         barely: five women speakers out of 78 (6%), including Kate
>>         who talked about starting a chapter. This is actually our
>>         best representation for all the events I looked at.
>>
>>         AppSecUSA 2014 Code of conduct:
>>         https://www.owasp.org/index.php/AppSec_USA_2014/Conference_Policies#Anti_Harassment_Policy
>>
>>         It should be linked to in all speaker agreement, the vendor
>>         and sponsorship agreements. I am very disappointed that none
>>         of the events in 2015 seem to be using it.
>>
>>         Other codes of conduct you may be interested in:
>>
>>         Linux.conf.au <http://Linux.conf.au> is the only global Linux
>>         conference Linus attends every year.
>>         http://linux.conf.au/cor/code_of_conduct
>>
>>         Black Hat did not implode with this code of conduct:
>>         https://www.blackhat.com/code-of-conduct.html
>>
>>         KiwiCon's Code of Conduct is antipodean direct:
>>         https://www.kiwicon.org/faq/code-of-conduct/
>>
>>         They kicked out speakers Ben Nagy and the Grugq last year, so
>>         it's not just ASCII art.
>>
>>         I wanted to share with you BruCon's Code of Conduct as they
>>         started with the Ada Initiative in 2013, and then modified it
>>         after it was used against them.
>>
>>         At the very least, I'm looking for the Board to discuss this
>>         issue at our next Board meeting, and I'd like for us to vote
>>         on the following as a package:
>>
>>         * We make AppSec USA's 2014 Code of Conduct / Anti-harassment
>>         policy the de facto starting point for all our conferences,
>>         globally.
>>
>>         * Adopt a reference in the standard OWASP Speaker's agreement
>>         form that points to this policy
>>
>>         * Add in a reference to the standard OWASP vendor / sponsor
>>         agreement form that points to this policy, as well as
>>         prohibiting sexualized staff members (booth babes and the
>>         fictitious booth dudes).
>>
>>         * Require the LatAm Tour, AppSec EU and AppSec US 2015
>>         organisers to use these updated policies, which will almost
>>         certainly entail getting back to the already chosen speakers,
>>         sponsors and vendors and getting them to re-agree to it. As
>>         it was already policy in 2014, this shouldn't be too much of
>>         a stretch as it was most likely overlooked or forgotten.
>>
>>         For AppSec USA 2015 and beyond, we really need to get them to
>>         encourage submissions from women. If a conference gets zero
>>         CFP submissions by women, you will have zero talks by women.
>>         I do not believe for a second there are zero women in our
>>         industry. We need to stop being passive about this, and start
>>         recruiting women to submit talks.
>>
>>         * Require conference committees to send out invitations to as
>>         many women speakers as possible there is diversity in
>>         submissions.
>>
>>         * We should also help with helping folks create solid CFPs
>>         that are more likely to succeed if submissions are to be
>>         chosen solely by merit. I don't think this should be
>>         restricted to just women, but should also include first time
>>         speakers, who often struggle to get their first speaking gig
>>         at a large conference.
>>
>>         I would like to get us to talk about the best way to achieve
>>         a desired outcome - what is the desired percentage of talks
>>         that should be given by women, how we will achieve that goal,
>>         and when shall we achieve that goal?
>>
>>         thanks,
>>         Andrew
>>
>>         _______________________________________________
>>         Owasp-board mailing list
>>         Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>>         https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>>
>> -- 
>> Helen Gao, CISSP
>
>
